by certifiedbug on March 4, 2010
in Microsoft
The Microsoft Security Response Center (MSRC)
Advance Notification. Preliminary information, subject to change.
Today we are providing advance notification to customers that we will be releasing two bulletins this month affecting Windows and Microsoft Office products. Both bulletins are rated Important and address a total of 8 vulnerabilities.
We recommend that customers review the Advance Notification webpage and prepare to deploy these bulletins as soon as possible. To provide additional guidance for deployment prioritization, customers should note that both bulletins will address issues that would require a user to open a specially crafted file. There are no network based attack vectors.
We’re also continuing to monitor the situation with Security Advisory 981169, the VBScript issue disclosed on Monday. There are no known attacks but we encourage customers to review the advisory and apply the suggested workarounds where possible. Customers that are running Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista are not affected.
The January edition of the monthly bulletin webcast will be held on Wednesday, March 10 at 11:00 a.m. PST (UTC -8)
Register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032427711
Reminder
After the dates below, those products/service packs, will no longer receive security updates thus it is important to move to supported platforms.
- Windows XP Service Pack 2 will no longer be supported after July 13, 2010. Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible.
- Windows Vista RTM will no longer be supported after April 13, 2010. Service Pack 1 will still be supported until July 12, 2011 but we recommend customers update to Service Pack 2 or Windows 7 at this time.
- Extended support for Windows 2000 will also be retired as of July 13, 2010. After that time, we will no longer provide security or any other updates for Windows 2000.
by certifiedbug on February 18, 2010
in Microsoft
Wednesday, February 17, 2010
The Microsoft Security Response Center (MSRC)
Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit. We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software. The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state. In every investigated incident, we have not found quality issues with security update MS10-015.
This issue was not caught as part of our testing because oftentimes when malware is present, infected systems are put in an unstable state. These types of infections often leave the machine in such an unstable state that it cannot be reliably tested. This is because Malware writers use unsupported and potentially destabilizing methods for compromising machines because they want to keep their malware hidden from anti-malware software. In the particular case of Alureon, malware writers modified Windows behavior by attempting to access a specific memory location, instead of letting the operating system determine the address which usually happens when an executable is loaded. The chain of events in this case was a machine became infected, during which the malware made assumptions as to the layout of the Windows code on the machine. Subsequently MS10-015 was downloaded and installed, during which the location of Windows code changed. On the next reboot the malware code crashed attempting to call a specific address in Windows code which was no longer the intended OS function.
Read more
According to security vendor Prevx, which names the rootkit TDL3/TDSS, the malware authors have released a new updated rootkit version compatible with the Microsoft patch. Too bizarre but anyway, MS10-015? TDL3 authors “apologize”
